_
/ | ___ _____ ___ ___
_ / / | | | .'| . |
|_|_/ |_|_|_|_|_|__,| _|
|_|
2017-09-05
Analysing nmap results
======================
You're doing a red team gig and have a pile of nmap results and want to grab the low-hanging
fruits. You don't really care about the hosts, you are only looking for interesting ports.
github.com/magnusstubman/nmapoutputbrowser (NOB) gives you exactly this:
$ ./
nmapoutputbrowser.py scan1.xml
21/tcp
554/tcp
7070/tcp
Oh, and you want to include some other scan result as well from your colleague, who also did
a scan:
$ ./
nmapoutputbrowser.py scan1.xml scan2.xml
21/tcp
80/tcp
554/tcp
7070/tcp
8000/tcp
Okey, so there's web servers, let's find out how many:
$ ./
nmapoutputbrowser.py scan1.xml scan2.xml -v
21/tcp
| 192.168.87.149 ftp
| 192.168.86.1 tcpwrapped
| 192.168.86.4 ftp
80/tcp
| 192.168.86.4 http
554/tcp
| 192.168.87.149 rtsp
| 192.168.86.1 tcpwrapped
| 192.168.86.4 rtsp
7070/tcp
| 192.168.87.149 tcpwrapped
| 192.168.86.1 tcpwrapped
| 192.168.86.4 realserver
8000/tcp
| 192.168.86.4 http-alt
Let's see the NSE results:
$ ./
nmapoutputbrowser.py scan1.xml scan2.xml -vv
21/tcp
| 192.168.87.149 ftp
| 192.168.86.1 tcpwrapped
| 192.168.86.4 ftp
80/tcp
| 192.168.86.4 http
| http-favicon: Unknown favicon MD5: 89B932FCC47CF4CA3FAADB0CFDEF89CF
| http-methods:
| Supported Methods: OPTIONS GET HEAD POST PUT DELETE
| Potentially risky methods: PUT DELETE
| http-server-header: DNVRS-Webs
| http-title: index
554/tcp
| 192.168.87.149 rtsp
| 192.168.86.1 tcpwrapped
| 192.168.86.4 rtsp
| rtsp-methods: ERROR: Script execution failed (use -d to debug)
7070/tcp
| 192.168.87.149 tcpwrapped
| 192.168.86.1 tcpwrapped
| 192.168.86.4 realserver
8000/tcp
| 192.168.86.4 http-alt
Now imagine that you are working with enormous datasets with thousands of ports.
If you use it and have an opinion about it, let me know!